Open monperrus opened 5 months ago
Hi @monperrus Prior to the descriptor format introduced in Bitcoin, the script is simply the locking script that gets hashed into the address. Only our oldest legacy addresses are presented this way, and we compute the equivalent descriptor in this code. For newer addresses we present the descriptor directly. At some point we will eliminate this step and make the proof of reserves file completely descriptor based. We present these same 'scripts' as part of our User Wallet model in the API, so having them here in this form allows a user to verify it matches.
thanks a lot @shuckc
now it's clear: compile_proofs computes the descriptors.
See tentative documentation improvement at https://github.com/BitMEX/proof-of-reserves-liabilities/pull/20
Also, how does BitMEX prove ownership of a given address? (for example by signing a challenge message)
With the old script-based wallets it was difficult for us to prove ownership other than by continued use of the keys to sign transactions to/from BitMEX claimed addresses (3BMEX....), and since 3 of the pubkeys were reused for all legacy addresses, they became well known. This was a limitation of our signing infrastructure, it could only sign transactions not messages.
With the descriptor based addresses, we can sign a message using the usual bitcoin message signing/verification protocol to show ownership of each public key. Nearly all of our signing infrastructure now supports this, so we plan to add the latest messages signed by each pubkey to the reserves file, along the lines of:
A BitMEX key at regtest height 2441228 hash 000000000000002036b13b9bb7896478d518c661644cf3e441d108aba66c71fc
Where we will insert the latest block height, hash and network for each environment and update this periodically.
OKEX do something similar - they have each address sign the message "I am an OKX address", demonstrated here https://www.okx.com/proof-of-reserves
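Added example, not part of the thread or of BitMEX's code: a verifier-side sketch in Python of the two checks the proposed message enables, namely computing the digest that standard Bitcoin message signing covers and binding the embedded height and block hash to the verifier's own view of the chain. The message layout in `MSG_RE` is an assumption inferred from the single sample line above, `SAMPLE` uses a constructed block hash, the function names are hypothetical, and the signature check itself is not shown.

```python
import hashlib
import re

MAGIC = b"Bitcoin Signed Message:\n"  # standard prefix for Bitcoin signed messages
# Assumed layout, inferred from the one sample line in the thread.
MSG_RE = re.compile(r"A BitMEX key at (\w+) height (\d+) hash ([0-9a-f]{64})")
# Constructed sample: height from the thread, placeholder block hash.
SAMPLE = "A BitMEX key at regtest height 2441228 hash " + "ab" * 32


def compact_size(n):
    """Bitcoin CompactSize length prefix."""
    if n < 0xFD:
        return bytes([n])
    if n <= 0xFFFF:
        return b"\xfd" + n.to_bytes(2, "little")
    if n <= 0xFFFFFFFF:
        return b"\xfe" + n.to_bytes(4, "little")
    return b"\xff" + n.to_bytes(8, "little")


def message_digest(message):
    """Double SHA-256 digest that the message signature is computed over."""
    body = message.encode("utf-8")
    data = compact_size(len(MAGIC)) + MAGIC + compact_size(len(body)) + body
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def check_freshness(message, network, known_blocks, tip_height, max_age):
    """Bind the message to the verifier's own chain view; returns (ok, reason).

    known_blocks maps height -> block hash as seen by the verifier's node.
    """
    m = MSG_RE.fullmatch(message)
    if m is None:
        return False, "unrecognised format"
    net, height, block_hash = m.group(1), int(m.group(2)), m.group(3)
    if net != network:
        return False, "wrong network"
    if known_blocks.get(height) != block_hash:
        return False, "block hash not on verifier's chain"
    if tip_height - height > max_age:
        return False, "stale"
    return True, "ok"
```

A fixed string such as "I am an OKX address" fails the format check here by design: it carries no height or block hash, so a valid signature over it says nothing about when it was made.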
> OKEX do something similar - they have each address sign the message "I am an OKX address", demonstrated here okx.com/proof-of-reserves
Yes, they are doing good proofs of reserves
> so we plan to add the latest messages signed by each pubkey to the reserves file
that will be awesome, thanks for letting us know.
Hi BitMEX, I'm working on proof-of-reserves, thanks for the great repo.
I don't completely understand the reserve part.
And reading about the usage later:
Could you provide a bit more information and explain what the script means? What does it prove?
Thanks!